Skip to main content

Home/ Indie Nation/ Group items tagged iran

Rss Feed Group items tagged

Filter: All | Bookmarks | Topics Simple Middle
John Lemke

Stepson of Stuxnet stalked Kaspersky for months, tapped Iran nuke talks | Ars Technica - 0 views

arstechnica.com/...-months-tapped-iran-nuke-talks

2015 kaspersky iran ars stuxnet malware cyber warfare espionage blackhat attack virus zero-day

shared by John Lemke on 10 Jun 15 - No Cached
  • Since some time in the second half of 2014, a different state-sponsored group had been casing their corporate network using malware derived from Stuxnet, the highly sophisticated computer worm reportedly created by the US and Israel to sabotage Iran’s nuclear program.
  • the malware was more advanced than the malicious programs developed by the NSA-tied Equation Group that Kaspersky just exposed. More intriguing still, Kaspersky antivirus products showed the same malware has infected one or more venues that hosted recent diplomatic negotiations the US and five other countries have convened with Iran over its nuclear program.
  • We see this battle or arms race emerging and now it involves some kind of confrontation between the security industry and nation-state sponsored spies
  • ...3 more annotations...
  • Kaspersky officials first became suspicious their network might be infected in the weeks following February's Security Analyst Summit, where company researchers exposed a state-sponsored hacking operation that had ties to some of the developers of Stuxnet. Kaspersky dubbed the highly sophisticated group behind the 14-year campaign Equation Group. Now back in Moscow, a company engineer was testing a software prototype for detecting so-called advanced persistent threats (APTs), the type of well-organized and highly sophisticated attack campaigns launched by well-funded hacking groups. Strangely enough, the developer's computer itself was having unusual interactions with the Kaspersky network. The new APT technology under development, it seemed, was one of several things of interest to the Duqu attackers penetrating the Kaspersky fortress. "For the developer it was important to find out why" his PC was acting oddly, Kamluk said. "Of course, he did not consider that machine could be infected by real malware. We eventually found an alien module that should not be there that tried to mask behind legitimate looking modules from Microsoft. That was the point of discovery."
  • What they found was a vastly overhauled malware operation that made huge leaps in stealth, operational security, and software design. The Duqu actors also grew much more ambitious, infecting an estimated 100 or so targets, about twice as many as were hit by the 2011 version.
  • So the Duqu 2.0 attackers pulled an audacious feat that Kaspersky researchers had never seen before. Virtually all of the malware resided solely in the memory of the compromised computers or servers. When one of them was restarted, the infection would be purged, but as the rebooted machine reconnected to the network, it would be infected all over again by another compromised computer in the corporate network. The secret lynchpin making this untraceable reinfection scheme possible was the Windows vulnerability Microsoft patched only Tuesday, which has been designated
John Lemke

Officials see Iran, not outrage over film, behind cyber attacks on US banks - Open Channel - 0 views

openchannel.nbcnews.com/...hind-cyber-attacks-on-us-banks

2012 attacks iran Cyberwarefare hacking banks cyber warfare

shared by John Lemke on 22 Sep 12 - No Cached
  • The attack is described by one source, a former U.S. official familiar with the attacks, as being "significant and ongoing" and looking to cause "functional and significant damage." Also, one source suggested the attacks were in response to U.S. sanctions on Iranian banks.
  • There was no report of an attack on the New York Stock Exchange.
John Lemke

BBC News - Blizzard cuts off Iranian access to World of Warcraft - 0 views

www.bbc.com/...technology-19399375

2012 warcraft bbc news blizzard iranian access world of warcraft cuts TGGN 2012.09.11

shared by John Lemke on 12 Sep 12 - No Cached
  • "This week, Blizzard tightened up its procedures to ensure compliance with these laws, and players connecting from the affected nations are restricted from access to Blizzard games and services," read the statement. Unfortunately, said Blizzard, the same sanctions meant it could not give refunds to players in Iran or help them move their account elsewhere. "We apologise for any inconvenience this causes and will happily lift these restrictions as soon as US law allows," it added. Although the block on Wow has been imposed by Blizzard, other reports suggest a wider government ban might have been imposed.
John Lemke

US banks hit by more than a week of cyberattacks (Update) - 0 views

phys.org/...9-banks-week-cyberattacks.html

2012 banks Cyberwarefare cyber warfare cyberattack cyberwar USA Akamai Joe Lieberman

shared by John Lemke on 29 Sep 12 - No Cached
    • John Lemke
      John Lemke on 29 Sep 12
       
      They believe it was not a hacktivist attack because they are usually also associated with a rise in IRC and social network activity, those who would be joining the hacktivist event, and this even had no such spike.
  • Could a state actor be at play? U.S. Senator Joe Lieberman, without offering any proof, said he believed the assaults were carried out by Iran in retaliation for tightened economic sanctions imposed by the United States and its allies.
  • only a handful of groups out there that have the technical ability or incentive
  • ...3 more annotations...
  • at least half a dozen banks—including the Bank of America, JPMorgan Chase, and Citigroup—have witnessed traffic surges and disruptions. Not all have confirmed they were the victims of an online onslaught, but such surges are a hallmark of denial-of-service attacks, which work by drowning target websites with streams of junk data.
  • Such attacks are fairly common and generally don't compromise sensitive data or do any lasting damage. Still, they can be a huge headache for companies that rely on their websites to interact with customers.
  • Most say the recent spate of attacks has been unusually powerful. PNC bank, which was hit on Thursday, has never seen such a strong surge in traffic, spokesman Fred Solomon said in a telephone interview. Smith said he estimated the flow of data at 60 to 65 gigabits per second.
1 - 4 of 4
Showing 20 items per page